|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Capturing System Calls
From: Steve Mosher (goat
STYLISHPANTS.ORG)Date: Thu Jun 22 2000 - 12:12:29 CDT
- Next message: Andrew Reisse: "Re: Capturing System Calls"
- Previous message: Jonathan Leto: "Re: Capturing System Calls"
- In reply to: Green Charles Contr AFRL/IFGB: "Capturing System Calls"
- Next in thread: Chon-Chon Tang: "Re: Capturing System Calls"
- Next in thread: Andrew Reisse: "Re: Capturing System Calls"
- Reply: Steve Mosher: "Re: Capturing System Calls"
- Reply: Chon-Chon Tang: "Re: Capturing System Calls"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Yep. 'strace' is quite standard with Linux at least. You can use
it to start the process, or you can sick it on a currently running process
if you like (with -p <pid>). Quite nice... quite invaluable. You can't
modify the calls though...
On Thu, 22 Jun 2000, Green Charles Contr AFRL/IFGB wrote:
> On UNIX Systems, (FreeBSD, Linux, Solaris) is there a way to capture/modify
> system calls calls from an application with out modifying the kernel (or
> using kernel modules) - preferably in userspace? The reason I ask is that a
> group of us are being asked to evaluate a piece of software for my company
> but they've put some heavy restrictions on how we do it. One of the
> restriction is that we're not allowed to modify the kernel.
-- Shop smart, shop S-Mart! - Ash
- Next message: Andrew Reisse: "Re: Capturing System Calls"
- Previous message: Jonathan Leto: "Re: Capturing System Calls"
- In reply to: Green Charles Contr AFRL/IFGB: "Capturing System Calls"
- Next in thread: Chon-Chon Tang: "Re: Capturing System Calls"
- Next in thread: Andrew Reisse: "Re: Capturing System Calls"
- Reply: Steve Mosher: "Re: Capturing System Calls"
- Reply: Chon-Chon Tang: "Re: Capturing System Calls"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]